
Excuse the ignorance, but couldn't ISPs block the attacks?



That would make sense, but it's hard:

- You need to identify the traffic to be filtered and the post states: "Due to always different destinations (IPs, ports, packet size) (..)"

- You need to maintain some agreement with a large number of ISPs

- You need to maintain some gossiping infrastructure to these ISPs

- ISPs may not care about your DDoS attack


Yes, network operators (should) participate in centralized black hole services like UTRS[1]. If you can identify the specific IPs that are under attack you make a BGP announcement to other participating networks asking them to drop traffic to that IP within their networks.

As a participant you can avoid paying to send outbound attack traffic, and also identify attack sources within your own network.

1. https://team-cymru.com/community-services/utrs/
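
A toy model of the mechanism described in the comment above, added here as an example; it is not part of the thread and is not UTRS code. It shows one participating network installing a drop route for an announced victim IP and then using the dropped traffic to find attack sources among its own customers. The class and function names, the acceptance policy (host routes only, inside the announcer's own address space) and all addresses (documentation ranges) are assumptions.

```python
import ipaddress
from collections import Counter

class ParticipantNetwork:
    """Toy model of one network that honours blackhole announcements."""

    def __init__(self, customer_prefixes):
        self.customers = [ipaddress.ip_network(p) for p in customer_prefixes]
        self.blackholed = set()             # victim hosts we drop traffic to
        self.dropped_by_source = Counter()  # src -> packets dropped

    def accept(self, route, announcer_prefixes):
        """Install a drop route. Assumed policy: host routes only, and only
        inside address space registered to the announcer."""
        net = ipaddress.ip_network(route)
        owned = any(net.subnet_of(ipaddress.ip_network(p)) for p in announcer_prefixes)
        if net.prefixlen != net.max_prefixlen or not owned:
            return False
        self.blackholed.add(net.network_address)
        return True

    def forward(self, src, dst):
        """Return True if the packet leaves our network, False if dropped."""
        if ipaddress.ip_address(dst) in self.blackholed:
            self.dropped_by_source[src] += 1
            return False
        return True

    def internal_sources(self):
        """Our own customers seen sending to a blackholed victim."""
        return sorted(s for s in self.dropped_by_source
                      if any(ipaddress.ip_address(s) in c for c in self.customers))

def simulate():
    # Constructed sample data; all addresses are documentation ranges.
    net = ParticipantNetwork(customer_prefixes=["198.51.100.0/24"])
    victim_space = ["203.0.113.0/24"]
    results = {
        "host_route": net.accept("203.0.113.7/32", victim_space),
        "whole_prefix": net.accept("203.0.113.0/24", victim_space),
        "not_owned": net.accept("192.0.2.1/32", victim_space),
    }
    flows = [("198.51.100.10", "203.0.113.7"), ("198.51.100.10", "203.0.113.7"),
             ("198.51.100.44", "203.0.113.7"), ("198.51.100.44", "203.0.113.8"),
             ("198.51.100.5", "192.0.2.1")]
    results["forwarded"] = sum(net.forward(s, d) for s, d in flows)
    results["sources"] = net.internal_sources()
    return results
```

Only the accepted host route causes drops; traffic to neighbouring addresses in the victim's prefix is still forwarded, which is why the announcement has to name the specific IPs under attack.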



